Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-9151

Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers_CVE-2026-9151

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. This vulnerabi...

TP-Link Systems Inc. Archer AX12 V1 CVE
HIGH 8.5 CVE-2026-50570

Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption_CVE-2026-50570

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.25.0 CVE
MEDIUM 4.3 CVE-2026-50569

Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks_CVE-2026-50569

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.25.0 CVE
LOW 3.6 CVE-2026-50568

Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape_CVE-2026-50568

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.25.0 CVE
HIGH 7.7 CVE-2026-50567

Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destination directory_CVE-2026-50567

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.25.0 CVE
CRITICAL 9.9 CVE-2026-50566

Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation_CVE-2026-50566

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
MEDIUM 4.9 CVE-2026-50565

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container_CVE-2026-50565

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.9 CVE-2026-50564

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape_CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.9 CVE-2026-50563

Fission Container Executor Function PodSpec Injection Leading to Node Escape_CVE-2026-50563

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.9 CVE-2026-50545

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover_CVE-2026-50545

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE